Topic: Network Shield blocking KeePass from .ru traffic, Trojan/Malicious Plugin??

Dom1234

  • Guest
First things first, here's the Network Shield log that really set off a red flag to me. I changed the "http"; I don't want to direct link or anything:

05.12.2011  13:45:27  Network Shield: blocked access to malicious site hXXp://helloworld1.ru/scanner/?param=126 [ C:\Program Files\KeePass Password Safe 2\KeePass.exe ( 2240 ) ]

Earlier this evening I was helping my grandmother with some standard maintenance on her computer, just the usual sort of stuff. She mentioned that the day before "something had popped up saying that a virus or something was blocked." I checked the statistics to see what could've happened. Eventually I saw that the Network Shield had blocked a connection and that KeePass.exe was mentioned... It caused a sickening feeling in my gut, considering how much sensitive information is contained within KeePass.

So unless I'm misinterpreting the log information, was KeePass itself trying to make an outbound connection to this site?

Is it possible that there's some sort of trojan or virus affecting KeePass, or possibly a malicious plugin? I've tried to do some research, but I've not seen any other reports of KeePass making any outbound traffic quite like this. I also don't know if she was unknowingly redirected to this site through one of the hundreds of email and Facebook links she tends to visit weekly, despite how often I warn her to be cautious :'(.

As far as KeePass plugins go, she has two installed, the same two I use as well  :-[, they're:
"Web Site Advantage KeePass Firefox Importer 2.1.7.0"
"Favicon Downloader 1.6.0.0"
The KeePass version is 2.17

ANY help would be very greatly appreciated. In the meantime I've got her computer shut off from the internet and I'm thoroughly scanning it with Avast/Malwarebytes, etc. I suspect I'll have to end up doing a full reformat if these turn up nothing. I'm curious to know if there is indeed some trojan or virus that's targeting KeePass specifically, if these plugins are suspect, or if I'm misreading the alert entirely and making a big fuss over nothing :P. I made a HijackThis log as well if anyone has an inkling of interest to see that.

Thanks!
« Last Edit: December 07, 2011, 09:56:19 AM by Dom1234 »
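
The log entry quoted in the post, split into its fields and grouped by the process named in the brackets, as an added example that is not part of the original post or of Avast's tooling. The line layout is inferred from that single quoted entry (an assumption), and the second and third sample lines are constructed.

```python
import re
from collections import defaultdict

# Pattern inferred from the single log line quoted in the post (an assumption,
# not a documented Avast format): date, time, message, URL, [ process ( pid ) ].
LINE_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"Network Shield: blocked access to malicious site\s+"
    r"(?P<url>\S+)\s+\[\s*(?P<process>.+?)\s*\(\s*(?P<pid>\d+)\s*\)\s*\]\s*$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    # Host is taken from the URL as logged; the defanged scheme is left untouched.
    rec["host"] = re.sub(r"^\w+://", "", rec["url"]).split("/", 1)[0].lower()
    return rec

def hosts_by_process(lines):
    """Map each process path to the set of blocked hosts logged against it."""
    out = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec:
            out[rec["process"]].add(rec["host"])
    return dict(out)

SAMPLE = [
    # Line from the post:
    r"05.12.2011  13:45:27  Network Shield: blocked access to malicious site hXXp://helloworld1.ru/scanner/?param=126 [ C:\Program Files\KeePass Password Safe 2\KeePass.exe ( 2240 ) ]",
    # Constructed lines (not from the post):
    r"05.12.2011  13:50:02  Network Shield: blocked access to malicious site hXXp://example.invalid/a [ C:\Program Files\Browser\browser.exe ( 3120 ) ]",
    "05.12.2011  13:51:00  Some unrelated log entry",
]

if __name__ == "__main__":
    for proc, hosts in hosts_by_process(SAMPLE).items():
        print(proc, sorted(hosts))
```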